'No evidence' of Chinese state attack on IT hardware supply-chain, says US director of national intelligence Dan Coats

Bloomberg claim that Chinese intelligence agents compromised motherboards questioned by US intelligence head

Dan Coats, the US director of national intelligence, has claimed that he has seen "no evidence" of the attack on the computing supply chain, as claimed in a report by Bloomberg last week.

That report had sensationally claimed that Chinese intelligence services had infiltrated a chip the size of a grain of rice onto motherboards destined for Apple, Amazon and US telecoms companies. The chip, the report added, could be used to compromise the servers on which they would be built-in to.

However, some of the companies named in the report issued unusually forthright denials of the claims made in the article, while technical experts have questioned whether it would be possible to compromise the server motherboards in the way described in the article.

And now, Coats has told a reporter from Cyber Scoop that "we've seen no evidence" of the claims made in the report, but added "We're not taking anything for granted".

Coats was speaking to the reporter at a cyber security event in Washington DC following a presentation in which he touched up security risks to the supply chain.

"Be aware of supply chain threats," Coats said in his speech. "Understand that cyberthreats to your supply chain are an insidious problem that can jeopardize the integrity of your products."

Coats' scepticism reflects similar scepticism expressed by US National Security Agency (NSA) senior advisor Rob Joyce who described the story as "a distraction" and the search for evidence as "potentially a waste of resources".

The UK's National Cyber Security Centre (NCSC) also came out with a statement claiming that it had seen no evidence to corroborate the story.

IT security failings are, increasingly, costing CISOs, CIOs and CEOs their jobs.

With business utterly dependent on IT, it's not enough for senior executives to dismiss security as ‘techie stuff'. At Computing's Enterprise Security & Risk Management Live event, hear from the National Crime Agency, ex-hackers and big-business CISOs to learn about how they are tackling cyber security.

For more information, check out the dedicated event website. Attendance is FREE to IT leaders and senior IT pros.